diff --git a/SOURCES/openvswitch-2.15.0.patch b/SOURCES/openvswitch-2.15.0.patch index 225a9ec..5a3e1af 100644 --- a/SOURCES/openvswitch-2.15.0.patch +++ b/SOURCES/openvswitch-2.15.0.patch @@ -20595,6 +20595,21 @@ index 5fae46adfc..ccf97266c0 100644 cmap_destroy(&udpif->ukeys[i].cmap); ovs_mutex_destroy(&udpif->ukeys[i].mutex); } +diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c +index 7108c8a301..479e459fcb 100644 +--- a/ofproto/ofproto-dpif-xlate.c ++++ b/ofproto/ofproto-dpif-xlate.c +@@ -7127,7 +7127,9 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, + break; + + case OFPACT_CT_CLEAR: +- compose_ct_clear_action(ctx); ++ if (ctx->conntracked) { ++ compose_ct_clear_action(ctx); ++ } + break; + + case OFPACT_NAT: diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index fd0b2fdea0..5ce56adfae 100644 --- a/ofproto/ofproto-dpif.c @@ -21587,7 +21602,7 @@ index 199db8ed0f..59093c03c9 100644 bad_action 'fin_timeout(foo=bar)' "invalid key 'foo' in 'fin_timeout' argument" diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at -index 31064ed95e..da9dcd37ca 100644 +index 31064ed95e..f99a60444f 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at @@ -342,6 +342,22 @@ AT_CHECK([test `egrep 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3]) @@ -21749,6 +21764,38 @@ index 31064ed95e..da9dcd37ca 100644 AT_SETUP([ofproto-dpif - ICMPv6]) OVS_VSWITCHD_START add_of_ports br0 1 +@@ -10842,6 +10938,31 @@ dnl + NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=106 in_port=2 (via action) data_len=106 (unbuffered) + udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=2,tp_dst=1 udp_csum:553 + ]) ++ ++dnl The next test verifies that ct_clear at the datapath only gets executed ++dnl if conntrack information is present. ++AT_DATA([flows.txt], [dnl ++table=0 in_port=1 actions=ct_clear,ct_clear,ct_clear,p2 ++]) ++AT_CHECK([ovs-ofctl del-flows br0]) ++AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) ++AT_CHECK([ovs-appctl ofproto/trace br0 'in_port=p1,dl_src=50:54:00:00:00:05,dl_dst=50:54:00:00:00:07,dl_type=0x0800,nw_src=192.168.0.1,nw_dst=192.168.0.2'], [0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: 2 ++]) ++AT_DATA([flows.txt], [dnl ++table=0 in_port=1 ip actions=ct_clear,ct(table=1) ++table=1 in_port=1 actions=ct_clear,ct_clear,goto_table:2 ++table=2 in_port=1 actions=ct_clear,p2 ++]) ++AT_CHECK([ovs-ofctl del-flows br0]) ++AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) ++AT_CHECK([ovs-appctl ofproto/trace br0 'in_port=p1,dl_src=50:54:00:00:00:05,dl_dst=50:54:00:00:00:07,dl_type=0x0800,nw_src=192.168.0.1,nw_dst=192.168.0.2'], [0], [stdout]) ++AT_CHECK([grep Datapath stdout | sed 's/recirc(.*)/recirc(X)/'], [0], ++ [Datapath actions: ct,recirc(X) ++Datapath actions: ct_clear,2 ++]) ++ + OVS_VSWITCHD_STOP + AT_CLEANUP + diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at index 5ddca67e71..604f15c2d1 100644 --- a/tests/ovs-ofctl.at diff --git a/SPECS/openvswitch2.15.spec b/SPECS/openvswitch2.15.spec index 4636a95..61379b9 100644 --- a/SPECS/openvswitch2.15.spec +++ b/SPECS/openvswitch2.15.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.15.0 -Release: 37%{?dist} +Release: 38%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -697,6 +697,22 @@ exit 0 %endif %changelog +* Wed Sep 15 2021 Timothy Redaelli - 2.15.0-38 +- ofproto-dpif-xlate: Avoid successive ct_clear datapath actions. [RH git: f9a9ac7608] (#1941027) + Due to flow lookup optimizations, especially in the resubmit/clone cases, + we might end up with multiple ct_clear actions, which are not necessary. + + This patch only adds the ct_clear action to the datapath if any ct state + is tracked. + + Resolves: #1941027 + + Signed-off-by: Eelco Chaudron + Acked-by: Timothy Redaelli + Signed-off-by: Ilya Maximets + (cherry picked from commit 355fef6f2ccbcf78797b938421cb4cef9b59af13) + + * Wed Sep 08 2021 Open vSwitch CI - 2.15.0-37 - Merging upstream branch-2.15 [RH git: b36eb7e529] Commit list: